Following a 2013 data breach in which the credit and debit card information of more than 110 million customers was stolen or exposed, Target Corp. sought coverage from its CGL insurers for $74 million that it incurred in settlements with various banks (the credit and debit card issuers) for their costs in issuing new payment cards (both credit and debit cards) to the customers. In a recent decision on the parties’ cross-motions for summary judgment, the U.S. District ... Keep Reading »
Cybersecurity
Missouri Federal Court Finds New York Choice-of-Law Provision Does Not Inhibit Insured’s Assertion of Missouri-Specific Public Policy Statute Violation
In Maritz Holdings Inc. v. Certain Underwriters at Lloyd’s London, a federal court in Missouri denied an insurer’s motion to dismiss the insured’s assertion of a vexatious refusal to pay claim based on an obscure Missouri-specific public policy statute, despite the court’s acknowledgment that the subject insurance contracts were governed by their New York choice-of-law provisions. This insurance coverage dispute stemmed from alleged losses following two separate ... Keep Reading »
Ransomware Attack Replacement Costs Are Covered “Direct Physical Loss or Damage” Under Standard Business Owner’s Policy, According to Maryland Federal Court
A Maryland federal court recently weighed in on the still-murky world of insurance coverage for cybersecurity losses, finding replacement costs necessitated by a ransomware attack were “direct physical loss or damage” to a computer system within the meaning of a business owner’s policy. Even as insurers continue efforts to develop cyber insurance products, National Ink demonstrates potential exposure to carriers under existing non-cyber ... Keep Reading »
Failure to Procure Cyber Insurance Could Haunt Your Company
A federal court in Florida recently adopted the now well-developed consensus that data breach losses are not covered under standard Commercial General Liability (CGL) policies. As the Department of Homeland Security’s officially designated 15th annual Cybersecurity Awareness Month comes to a close, the case stands as yet another stark warning that companies of all sizes – any company that uses, collects, stores or handles confidential personal information such as credit ... Keep Reading »
New Opinions From Second and Sixth Circuit Courts Rock Phishing Loss Coverage Landscape
On July 6, the Second Circuit Court of Appeals set off some fireworks in the insurance coverage litigation field when it found coverage for a “social engineering”/phishing scheme loss, bucking the trend among its sister courts. The appellate court affirmed a Southern District of New York decision that had been a relative outlier, finding coverage under a crime/fidelity policy for a scheme where fraudsters used spoof emails to trick company employees into changing wiring ... Keep Reading »
Eleventh Circuit Affirms No Coverage Under Computer Fraud Provision of Insurance Policy
On May 10, the U.S. Court of Appeals for the Eleventh Circuit affirmed the decision of the U.S. District Court for the Northern District of Georgia in InComm Holdings, Inc. v. Great American Insurance Company. The Eleventh Circuit agreed that Great American’s computer fraud coverage did not apply to holders of prepaid debit cards who exploited a coding error in the insured’s computer system and fraudulently increased the balances on the cards which caused InComm to incur ... Keep Reading »
Fidelity Coverage for Social Engineering Scams: The Ninth Circuit Upholds an Authorized Use Exclusion
Losses from social engineering schemes continue to grow exponentially. According to FBI data published in early 2017, losses from these schemes totaled over $3 billion between 2013, when the FBI started tracking data, and the end of 2016. One recent estimate suggests projected growth to over $9 billion in 2018 alone. The problem is not going away; it's getting much, much worse. Under these schemes, perpetrators trick company employees into believing that they have ... Keep Reading »
CGL Policies and Data Breaches: No Publication, No Coverage
As cyber hacking and phishing schemes become more common, one issue that is often raised is whether, and to what extent, damages resulting from these incidents fall within the coverage afforded under a standard commercial general liability policy. The United States District Court for the Middle District of Florida recently addressed this issue Innovak Int'l, Inc. v. Hanover Ins. Co., No. 8:16-CV-2453-MSS-JSS, (M.D. Fla. Nov. 17, 2017), and held that a data breach was not ... Keep Reading »
District Courts Buck Trend on Fidelity Coverage for Social Engineering and Business Email Compromise Schemes
The FBI continues to warn that losses are on the rise from business email compromise (BEC) or “social engineering” schemes, which the Bureau describes as: Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms. But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to ... Keep Reading »
NY DFS Cybersecurity Regulations Take Effect March 1, 2017
We previously reported on the New York Department of Financial Services’ proposed cybersecurity regulations. During the public comment period, the DFS received over 150 comments. In response, the DFS announced on December 28, 2016, that it had revised the proposed regulations and delayed their effective date two months. On February 16, 2017, the DFS confirmed the final regulations will take effect March 1, 2017, with required compliance 180 days thereafter (August 28, ... Keep Reading »